CN116049866A - Data protection method, electronic equipment and chip system - Google Patents

Info

Publication number: CN116049866A
Authority: CN (China)
Prior art keywords: module, security, operating system, hash value, environment
Legal status: Pending
Application number: CN202210734072.3A
Other languages: Chinese (zh)
Inventor: 张朋
Current assignee: Honor Device Co Ltd
Original assignee: Honor Device Co Ltd
Events: application filed by Honor Device Co Ltd; priority to CN202210734072.3A; publication of CN116049866A; legal status pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
            • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
        • G06F21/60 Protecting data
            • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
                    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
            • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application provides a data protection method, electronic equipment and a chip system, and relates to the technical field of data security. The method presets the hash value of the code segment of a low-security-level module in a high-security-level security environment. When the low-security-level module needs to be verified, the hash value of the low-security-level module is sent to the high-security-level security environment, which determines from the preset hash value and the received hash value whether the code segment of the low-security-level module has been tampered with; if not, the low-security-level execution environment is secure. In addition, whether the high-security-level security environment is itself secure can be determined by a watchdog feeding operation performed within that environment. The method does not require developing a large encryption algorithm, and the development process is simple.

Description

Data protection method, electronic equipment and chip system
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to a data protection method, an electronic device, and a chip system.
Background
Electronic devices offer an increasing number of functions, such as payment. Some sensitive data is therefore inevitably present in the electronic device, so users' security requirements for the data in the device are also rising. Sensitive data is protected on the basis of the operating environment in which it is located.
Currently, developers typically define multiple security levels for the operating environments in an electronic device, so that an electronic device contains a number of security environments of different security levels. In practical applications, however, some low-security environments may not be able to meet the security requirements, resulting in a risk of leakage of the data in those low-security environments.
Disclosure of Invention
The application provides a data protection method, electronic equipment and a chip system, which can improve the security of a low-security-level security environment by using the conditions already present in the electronic device, thereby improving the security of the data held in that low-security-level environment of the electronic device.
In order to achieve the above purpose, the present application adopts the following technical scheme:
In a first aspect, the present application provides a data protection method, applied to an electronic device, where the electronic device includes a processor running a first security environment and a security chip provided with a first measurement module, the first security environment is provided with a first computing module, and the method includes:
the first computing module computes a hash value of a first module in the first security environment, wherein the operation of the first module depends on services provided by the security chip;
the first computing module sends the hash value of the first module to the first measurement module;
the first measurement module verifies the hash value of the first module based on preset verification information of the first module to obtain a first verification result;
if the first verification result is verification failure, the security chip stops providing services to the first module.
In the application, the hash value of the first module in the first security environment is preset in the security chip. Generally, the security level of the security chip is higher than that of the security environment in the processor, so when the first security environment needs to be verified, the hash value of the first module in the first security environment is verified by the security chip, which decides whether to continue providing services to the first module. In this way, the security level of the first module in the first security environment can be raised, thereby improving the security of the data processed by the first module.
As an implementation manner of the first aspect, the computing, by the first computing module, of a hash value of the first module in the first security environment includes:
when the electronic device is started, the first computing module computes a hash value of the first module in the first security environment.
In the application, the security verification of the first module can be performed when the electronic device is started, so that security is improved.
As another implementation manner of the first aspect, the computing, by the first computing module, of a hash value of the first module in the first security environment includes:
after the electronic device is started, the first computing module computes a hash value of the first module in the first security environment in a first time period.
In the application, after the electronic device is started, the security verification of the first module can be performed in a preset time period, so that security is improved.
As another implementation manner of the first aspect, a first monitoring task is further provided in the security chip, and the method further includes:
after the electronic device is started, the first monitoring task executes a first watchdog feeding operation in a second time period based on the running condition of the security chip;
if the first watchdog feeding operation fails, the security chip is not available, wherein the security chip no longer provides service for the first module when the security chip is not available.
In this application, although the security of the first module in the first security environment can be improved by the security chip with a higher security level, if the security of the security chip itself cannot be ensured, the security of the first module cannot be ensured either; therefore the first monitoring task in the security chip is also needed to ensure that the security chip is secure. In this way, the security of the verification process of the first module can be improved.
As another implementation manner of the first aspect, a first monitoring task is further provided in the security chip, and after obtaining the first verification result, the method further includes:
if the first verification result is that verification is successful, the first monitoring task executes a first watchdog feeding operation based on the running condition of the security chip;
if the first watchdog feeding operation fails, the security chip is not available, wherein the security chip no longer provides service for the first module when the security chip is not available;
if the first watchdog feeding operation is successful, the security chip is available, wherein the security chip provides service for the first module when the security chip is available.
As another implementation manner of the first aspect, if the first verification result is that the verification fails, the security chip stopping providing the service to the first module includes:
if the first verification result is verification failure, the first monitoring task no longer executes the first watchdog feeding operation, wherein if the first monitoring task no longer executes the first watchdog feeding operation, the first watchdog feeding operation fails.
As another implementation manner of the first aspect, the processor further runs an operating system, a second computing module is disposed in the operating system, and a second measurement module is disposed in the first security environment, where the method further includes:
the second computing module computes a hash value of a second module in the operating system, wherein the operation of the second module depends on services provided by the first security environment;
the second computing module sends the hash value of the second module to the second measurement module;
the second measurement module verifies the hash value of the second module based on preset verification information of the second module to obtain a second verification result;
if the second verification result is verification failure, the first security environment stops providing services to the second module.
In the application, security verification is further provided for an environment of lower security level (such as the operating system) through the first security environment, so that the security of the second module in the operating system is improved.
As another implementation manner of the first aspect, the computing, by the second computing module, of a hash value of the second module in the operating system includes:
when the electronic device is started, the second computing module computes a hash value of the second module in the operating system.
As another implementation manner of the first aspect, the computing, by the second computing module, of a hash value of the second module in the operating system includes:
after the electronic device is started, the second computing module computes a hash value of the second module in the operating system in a third time period.
As another implementation manner of the first aspect, a second monitoring task is further provided in the first security environment, and the method further includes:
after the electronic device is started, the second monitoring task executes a second watchdog feeding operation in a fourth time period based on the running condition of the first security environment;
if the second watchdog feeding operation fails, the first security environment is not available, wherein the first security environment no longer provides service for the second module when the first security environment is not available.
As another implementation manner of the first aspect, a second monitoring task is further provided in the first security environment, and after obtaining the second verification result, the method further includes:
if the second verification result is that verification is successful, the second monitoring task executes a second watchdog feeding operation based on the running condition of the first security environment;
if the second watchdog feeding operation fails, the first security environment is not available, wherein the first security environment no longer provides service for the second module when the first security environment is not available;
if the second watchdog feeding operation is successful, the first security environment is available, wherein the security chip provides service for the first module when the first security environment is available.
As another implementation manner of the first aspect, if the second verification result is that the verification fails, the first security environment stopping providing the service to the second module includes:
if the second verification result is verification failure, the second monitoring task no longer executes the second watchdog feeding operation, wherein if the second monitoring task no longer executes the second watchdog feeding operation, the second watchdog feeding operation fails.
As another implementation manner of the first aspect, a third computing module is provided in a normal service of the electronic device, where the normal service is a service with a security level lower than that of the operating system, a third measurement module is provided in the operating system, and the method further includes:
the third computing module computes a hash value of a third module of the normal service, wherein the operation of the third module depends on services provided by the operating system;
the third computing module sends the hash value of the third module to the third measurement module;
the third measurement module verifies the hash value of the third module based on preset verification information of the third module to obtain a third verification result;
if the third verification result is verification failure, the operating system stops providing services to the third module.
As another implementation manner of the first aspect, the computing, by the third computing module, of a hash value of the third module in the normal service includes:
when the electronic device is started, the third computing module computes the hash value of the third module in the normal service.
As another implementation manner of the first aspect, the computing, by the third computing module, of a hash value of the third module in the normal service includes:
after the electronic device is started, the third computing module computes the hash value of the third module in the normal service in a fifth time period.
As another implementation manner of the first aspect, a third monitoring task is further provided in the operating system, and the method further includes:
after the electronic device is started, the third monitoring task executes a third watchdog feeding operation in a sixth time period based on the running condition of the operating system;
if the third watchdog feeding operation fails, the operating system is not available, wherein the operating system no longer provides service for the third module when the operating system is not available.
As another implementation manner of the first aspect, a third monitoring task is further provided in the operating system, and after obtaining the third verification result, the method further includes:
if the third verification result is that verification is successful, the third monitoring task executes a third watchdog feeding operation based on the running condition of the operating system;
if the third watchdog feeding operation fails, the operating system is not available, wherein the operating system no longer provides service for the third module when the operating system is not available;
if the third watchdog feeding operation is successful, the operating system is available, wherein the operating system provides service for the third module when the operating system is available.
As another implementation manner of the first aspect, if the third verification result is that the verification fails, the operating system stopping providing the service to the third module includes:
if the third verification result is verification failure, the third monitoring task no longer executes the third watchdog feeding operation, wherein if the third monitoring task no longer executes the third watchdog feeding operation, the third watchdog feeding operation fails.
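The three tiers described above (security chip verifying the first module, first security environment verifying the second, operating system verifying the third) follow one pattern: a computing module in the lower environment hashes a code segment, a measurement module in the higher environment compares it with the preset value, and on failure the monitoring task stops feeding the watchdog so that service is withdrawn. The simulation below is an added example, not code from the patent or from Honor; it assumes SHA-256 as the hash, a logical tick counter in place of real watchdog timers, constructed module code bytes, and that a failed tier does not cascade to the tiers below it (the text does not say it does).

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    """A key module whose code segment is measured; code bytes are constructed samples."""
    name: str
    code: bytes


def compute_hash(module: Module) -> str:
    """Computing module: hash the module's code segment (SHA-256 is an assumption)."""
    return hashlib.sha256(module.code).hexdigest()


class Watchdog:
    """Logical-clock watchdog: it expires when not fed within `timeout` ticks."""

    def __init__(self, timeout: int) -> None:
        self.timeout = timeout
        self.last_fed = 0

    def feed(self, now: int) -> None:
        self.last_fed = now

    def expired(self, now: int) -> bool:
        return now - self.last_fed > self.timeout


class Environment:
    """One security level (security chip, TEE or OS): holds preset verification info for
    the modules of the next-lower level, serves them, and feeds its own watchdog."""

    def __init__(self, name: str, preset: dict, timeout: int = 2) -> None:
        self.name = name
        self.preset = dict(preset)      # module name -> preset hash value
        self.serving = set(preset)      # modules currently receiving service
        self.watchdog = Watchdog(timeout)
        self.feeding = True             # monitoring task still executes the feed operation
        self.running_ok = True          # the environment's own running condition

    def monitoring_task(self, now: int) -> bool:
        """Watchdog feeding operation; fails once feeding is disabled or the level hangs."""
        if self.feeding and self.running_ok:
            self.watchdog.feed(now)
            return True
        return False

    def measurement_module(self, name: str, reported_hash: str, now: int) -> bool:
        """Verify the reported hash against the preset value. Success feeds the watchdog;
        failure withdraws service from that module and stops the feeding operation."""
        expected = self.preset.get(name, "")
        ok = hmac.compare_digest(reported_hash, expected)   # constant-time comparison
        if ok:
            self.monitoring_task(now)
        else:
            self.serving.discard(name)
            self.feeding = False
        return ok

    def provides_service(self, name: str, now: int) -> bool:
        """An expired watchdog makes the level unavailable, so it serves nobody."""
        return not self.watchdog.expired(now) and name in self.serving


# Genuine key modules (constructed); the preset hashes are derived from these at build time.
GENUINE = {
    "tee_key": Module("tee_key", b"TEE key module code v1"),
    "os_key": Module("os_key", b"OS key module code v1"),
    "svc_key": Module("svc_key", b"normal-service key module code v1"),
}


def build_chain() -> list:
    """Pair each verifying level with the lower-level module it measures, top to bottom."""
    chip = Environment("security chip", {"tee_key": compute_hash(GENUINE["tee_key"])})
    tee = Environment("TEE", {"os_key": compute_hash(GENUINE["os_key"])})
    os_env = Environment("operating system", {"svc_key": compute_hash(GENUINE["svc_key"])})
    return [(chip, "tee_key"), (tee, "os_key"), (os_env, "svc_key")]


def simulate(running: dict, ticks: int = 3, chip_running_ok: bool = True) -> dict:
    """Run the boot-time verification (tick 0) and periodic re-verification, then report
    which modules still receive service. `running` maps names to the modules actually
    loaded, which differ from GENUINE when a code segment has been tampered with."""
    chain = build_chain()
    chain[0][0].running_ok = chip_running_ok     # a hung chip cannot feed its watchdog
    served = {}
    for now in range(ticks + 1):
        for env, name in chain:
            reported = compute_hash(running[name])   # computing module -> measurement module
            env.measurement_module(name, reported, now)
        served = {name: env.provides_service(name, now) for env, name in chain}
    return served
```

Calling `simulate` with a copy of `GENUINE` in which `os_key` carries patched code bytes shows the first security environment withdrawing service from the second module while the chip keeps serving the first; passing `chip_running_ok=False` shows the chip's watchdog expiring and the first module losing service even though its hash verified.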
In a second aspect, there is provided an electronic device comprising a processor for executing a computer program stored in a memory, implementing the method of any of the first aspects of the present application.
In a third aspect, there is provided a system on a chip comprising a processor coupled to a memory, the processor executing a computer program stored in the memory to implement the method of any of the first aspects of the present application.
In a fourth aspect, there is provided a computer readable storage medium storing a computer program which when executed by one or more processors performs the method of any of the first aspects of the present application.
In a fifth aspect, the present application provides a computer program product for, when run on a device, causing the device to perform the method of any one of the first aspects of the present application.
It will be appreciated that the advantages of the second to fifth aspects may be found in the relevant description of the first aspect, and are not described here again.
Drawings
Fig. 1 is a schematic hardware structure of an electronic device according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a chip architecture of an electronic device according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a security architecture of an electronic device according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of hash value verification by a security chip of a key module in a TEE execution environment according to an embodiment of the present application;
Fig. 5 is a schematic flow chart of hash value verification by a TEE execution environment of a key module in an operating system according to an embodiment of the present application;
Fig. 6 is a schematic flow chart of hash value verification by an operating system of a key module in a normal service according to an embodiment of the present application;
Fig. 7 is a schematic flow chart of a method that adopts static verification and dynamic verification at the same time according to an embodiment of the present application;
Fig. 8 is a flowchart of a method for improving the security of a security environment with a low security level according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system configurations, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that in embodiments of the present application, "one or more" means one, two, or more than two; "and/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may represent: A alone, A and B together, or B alone, where A and B may be singular or plural. The character "/" generally indicates that the objects on either side are in an "or" relationship.
In addition, in the description of the present application and the appended claims, the terms "first," "second," "third," "fourth," and the like are used merely to distinguish between descriptions and are not to be construed as indicating or implying relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
The data protection method provided by the embodiment of the application can be applied to electronic equipment such as tablet computers, mobile phones, notebook computers, ultra-mobile personal computer (UMPC), netbooks, personal digital assistants (personal digital assistant, PDA) and the like. The memory in these electronic devices may be UFS devices. The embodiment of the application does not limit the specific type of the electronic equipment.
Fig. 1 shows a schematic structural diagram of an electronic device. The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, a camera 193, a display 194, and a subscriber identity module (subscriber identification module, SIM) card interface 195, etc. Among other things, the sensor module 180 may include a pressure sensor 180A, a touch sensor 180K, and the like.
It is to be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller may be a neural hub and a command center of the electronic device 100, among others. The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs to reuse the instructions or data, it can fetch them directly from this memory, which avoids repeated accesses, reduces the latency of the processor 110, and thereby improves the efficiency of the system.
The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 100, and may also be used to transfer data between the electronic device 100 and a peripheral device.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to enable expansion of the memory capabilities of the electronic device 100. The external memory card communicates with the processor 110 through an external memory interface 120 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.
The internal memory 121 may be used to store computer-executable program code that includes instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121. The internal memory 121 may include a storage program area and a storage data area. The storage program area may store application programs (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system.
In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like.
The charge management module 140 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 140 may receive a charging input of a wired charger through the USB interface 130.
The power management module 141 is used for connecting the battery 142, and the charge management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 and provides power to the processor 110, the internal memory 121, the external memory, the display 194, the camera 193, the wireless communication module 160, and the like.
In other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charge management module 140 may be disposed in the same device.
The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution for wireless communication including 2G/3G/4G/5G, etc., applied to the electronic device 100. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate.
The wireless communication module 160 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, Wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc., as applied to the electronic device 100. The wireless communication module 160 may be one or more devices that integrate at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, modulates and filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.
In some embodiments, antenna 1 and mobile communication module 150 of electronic device 100 are coupled, and antenna 2 and wireless communication module 160 are coupled, such that electronic device 100 may communicate with a network and other devices through wireless communication techniques.
The electronic device 100 may implement audio functions through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, an application processor, and the like. Such as music playing, recording, etc.
The audio module 170 is used to convert digital audio signals to analog audio signal outputs and also to convert analog audio inputs to digital audio signals. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or a portion of the functional modules of the audio module 170 may be disposed in the processor 110.
The speaker 170A, also referred to as a "horn," is used to convert audio electrical signals into sound signals. The electronic device 100 may listen to music, or to hands-free conversations, through the speaker 170A.
The receiver 170B, also referred to as an "earpiece", is used to convert the audio electrical signal into a sound signal. When the electronic device 100 is answering a telephone call or playing a voice message, the voice may be heard by placing the receiver 170B close to the human ear.
The microphone 170C is used to convert sound signals into electrical signals. When making a call or transmitting voice information, the user can speak with the mouth close to the microphone 170C, inputting a sound signal to the microphone 170C. The electronic device 100 may be provided with at least one microphone 170C. In other embodiments, the electronic device 100 may be provided with two microphones 170C, and may implement a noise reduction function in addition to collecting voice information. In other embodiments, the electronic device 100 may also be provided with three, four, or more microphones 170C to implement collection of sound signals, noise reduction, identification of sound sources, directional recording functions, and the like.
The earphone interface 170D is used to connect a wired earphone. The earphone interface 170D may be the USB interface 130, a 3.5 mm open mobile terminal platform (OMTP) standard interface, or a Cellular Telecommunications Industry Association of the USA (CTIA) standard interface.
The pressure sensor 180A is used to sense a pressure signal, and may convert the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. There are various types of pressure sensor 180A, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. A capacitive pressure sensor may comprise at least two parallel plates of conductive material. The capacitance between the electrodes changes when a force is applied to the pressure sensor 180A. The electronic device 100 determines the strength of the pressure from the change in capacitance. When a touch operation is applied to the display screen 194, the electronic device 100 detects the intensity of the touch operation through the pressure sensor 180A. The electronic device 100 may also calculate the location of the touch based on the detection signal of the pressure sensor 180A.
The touch sensor 180K is also referred to as a "touch panel". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 together form a touch screen. The touch sensor 180K is used to detect a touch operation acting on or near it. The touch sensor may pass the detected touch operation to the application processor to determine the touch event type. Visual output related to the touch operation may be provided through the display 194. In other embodiments, the touch sensor 180K may also be disposed on the surface of the electronic device 100 at a location different from that of the display 194.
The keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys or touch keys. The electronic device 100 may receive key inputs and generate key signal inputs related to user settings and function controls of the electronic device 100.
The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration alerting as well as for touch vibration feedback.
The electronic device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display screen 194 is used to display images, videos, and the like. In some embodiments, the electronic device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.
The camera 193 is used to capture still images or video. In some embodiments, electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.
The SIM card interface 195 is used to connect a SIM card. The SIM card may be inserted into the SIM card interface 195, or removed from the SIM card interface 195 to enable contact and separation with the electronic device 100. The electronic device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1.
The embodiments of the present application do not particularly limit the specific structure of the execution body of the data protection method, as long as it can perform processing according to the data protection method provided by the embodiments of the present application by running code in which that method is recorded. For example, the execution body of the data protection method provided in the embodiments of the present application may be a functional module in an electronic device that can call and execute a program, or a processing apparatus, such as a chip, applied to the electronic device.
Currently, rich execution environments (rich execution environment, REEs) and trusted execution environments (trusted execution environment, TEEs) are supported in many electronic devices.
The REE execution environment is typically used to run a general-purpose operating system, such as an Android system, an iOS system, and the like. The operating system in turn provides the basic functionality and computing resources for the installed applications. The REE execution environment can provide system security; however, because the system is large, it is difficult to perform comprehensive security verification and authentication, so the REE execution environment is an open environment that is relatively vulnerable to attack. In the embodiments of the application, the REE execution environment can be treated as equivalent to the operating system.
The TEE execution environment is a secure area on the central processor for digital rights management, mobile payment and sensitive data protection. Sensitive data is processed within the secure region, thereby protecting against software attacks from the REE execution environment. Typically, some trusted applications run in a TEE execution environment.
The TEE execution environment and the REE execution environment are two parallel independent operation environments, and an interface is provided for software in the REE execution environment inside the TEE execution environment, so that the software in the REE execution environment can call the TEE execution environment to process data, but sensitive data cannot be leaked.
In order to further improve security, some electronic devices are additionally provided with an independent security chip (Secure Processing Unit, SPU). The security chip is a device capable of independently generating keys and performing encryption and decryption; it has its own processor and storage unit, and can store keys and characteristic data to provide encryption and security authentication services for the electronic device.
As an example, the security chip can take over storage and part of the lock-screen function, so that the security level of storage and of lock-screen sensitive information is improved.
In general, the security chip can communicate with a main chip (central processing unit) of the electronic device, the central processing unit can store sensitive information in the security chip, and the encryption and decryption processes are completed inside the security chip, so that the security level is high.
If the electronic device supports the REE execution environment and the TEE execution environment and is further provided with a security chip, the chip architecture of the electronic device is shown in fig. 2.
As shown in fig. 2, the electronic device is provided with a chip platform (central processing unit), and the chip platform may be a Qualcomm chip, a co-chip, or the like.
The chip platform supports a REE execution environment to run a general-purpose operating system of the electronic device, such as an android operating system (android).
The chip platform also supports a TEE execution environment to further improve the security of the electronic device. For example, mobile payment and sensitive data may be secured.
The electronic device is also provided with an independent security chip, which can communicate with the chip platform to further improve the security of the electronic device, for example, to improve the security of the lock screen, storage, and the like.
It should be noted that, in the embodiment of the present application, TEE execution environment protection data and security chip protection data are only used as examples, and may be different from the above listed data in practical application.
Currently, the security level of the security chip is higher than that of the TEE execution environment, and the security level of the TEE execution environment is higher than that of the REE execution environment; the REE execution environment is used for running the operating system, and the operating system has a certain level of security. In the embodiments of the application, a service whose security level is lower than that of the operating system is referred to as a common service (normal business). Therefore, the security level of the operating system is higher than that of the normal business.
In view of the above description, the electronic device in the embodiments of the present application may provide four different levels of security environments: normal business, operating system, TEE execution environment and security chip. Each secure environment is used to protect sensitive data handled by the secure environment.
However, as user demand increases, some secure environments have failed to meet the security requirements of the sensitive data being processed, resulting in the risk of leakage of data in some low security level secure environments.
As an example, although the TEE execution environment belongs to an execution environment with a relatively high security level, in practical applications, it is still necessary to increase the security level of some key modules (e.g., main task code segments, etc.) in the TEE execution environment to increase the security of sensitive data in the TEE execution environment.
Similarly, although the operating system itself has some system-level protection, in practical applications there is still a need to increase the security level of certain critical modules (e.g., daemons, lib libraries, etc.) in the operating system, to improve the security of sensitive data in the operating system. Of course, critical modules in some common services (e.g., TEE client libraries) also need some system-level protection.
The embodiments of the application provide a more convenient data protection method, which can improve the security of a security environment with a (relatively) low security level in the electronic device by utilizing conditions already present in the electronic device, thereby improving the security of the data in that low-security-level environment.
Referring to fig. 3, a technical architecture diagram of a data protection method according to an embodiment of the present application is provided.
In the diagram of the technical architecture, a REE execution environment of security level A (the execution environment used to run the operating system) and a TEE execution environment of security level B run on the chip platform. The technical architecture also comprises a security chip with security level C. From low to high, the security levels are security level A, security level B, and security level C.
Wherein, the REE execution environment and the TEE execution environment are provided with a virtual machine monitor (hypervisor) and a security monitor (security monitor) at the lower layer.
A security monitor (security monitor) is a program running at the EL3 privilege level; it registers callbacks for SMC instructions and forwards messages between the REE execution environment and the TEE execution environment.
A virtual machine monitor (hypervisor) is a software layer running between the physical layer and a system (the REE execution environment or the TEE execution environment); it runs at the EL2 privilege level and may allow multiple systems (the REE execution environment and the TEE execution environment) to share the hardware.
In the embodiment of the application, an operating system running in the REE execution environment is taken as an android operating system (android) as an example. In practical application, the android operating system in the embodiment of the application may also be other operating systems, which are not exemplified one by one.
In the android operating system, a Linux environment (Linux Env) and a TEE driver (TEE-driver) are in the EL1 authority. The TEE driver is an android driver of the TEE execution environment.
In the android operating system, there are android running environment (Android Runtime Env), TEE client Lib/HAL (TEE client interface library), android framework layer (Android framework) and applications (e.g., USB-key, wallet application (wallet) and payment application (Pay)) in EL0 rights.
Here EL0, EL1, EL2, and EL3 are different privilege levels.
The android system has certain security. Therefore, the security level of key modules in common business in the electronic equipment can be improved through the android system. Wherein the operation of the key modules in the common business depends on the services provided by the operating system.
In particular implementations, a system metric module may be provided in the operating system that is used to increase the security level of critical modules in the normal business. For example, the hash value of the code segment of the critical module in the normal business may be stored in the system metric module. The hash value of the key module of the common service is verified through the system measurement module, so that whether the code segment of the key module in the common service is tampered is determined.
In addition, the TEE execution environment has a microkernel (micro-kernel) at the EL1 privilege level.
In the TEE execution environment, the TEE framework service (TEE framework service) with the TEE framework API, the TEE internal API (which provides interfaces for trusted applications to access the TEE system), and applications (e.g., USB-key, payment applications, citizen network Electronic Identity (EID), and other trusted applications) are at the EL0 privilege level.
The security level of the TEE execution environment is higher than that of the REE execution environment, and thus the security level of key modules in the operating system may be improved by the TEE execution environment.
In a specific implementation, a TEE measurement module may be set in a TEE execution environment, where the TEE measurement module is used to improve a security level of a key module in an android operating system, for example, a hash value of a code segment of the key module in the android operating system may be stored in the TEE measurement module. And verifying the hash value of the key module in the android operating system through the TEE measurement module to determine whether the code segment of the key module in the android operating system is tampered.
It should be noted that the architecture of the android operating system and the TEE execution environment in the embodiments of the present application is only used as an example, and does not impose any limitation on the present application.
The security level of the security chip is higher than that of the TEE execution environment, and thus, the security level of the key module in the TEE execution environment can be improved by the security chip.
In a specific implementation, a security chip metric module may be provided in the security chip, where the security chip metric module is configured to increase a security level of a critical module in the TEE execution environment, and for example, a hash value of a code segment of the critical module in the TEE execution environment may be stored in the security chip metric module. And verifying the code segment hash value of the key module in the TEE execution environment by the security chip measurement module to determine whether the code segment of the key module in the TEE execution environment is tampered.
As can be appreciated from the above examples, when there are at least two security environments with different security levels in the electronic device, if the security level of a certain security environment (the security environment with a non-highest security level) needs to be improved, the security of the key module in the security environment with a lower security level can be improved by the security environment with a higher security level.
The key modules in each security environment (common business, operating system, TEE execution environment, security chip, etc.) in the embodiments of the present application may be set by a developer. The key modules in different electronic devices may be different due to the variability between the functionality provided by the different electronic devices.
In the above example, a hash calculation is performed on the code segment of the key module whose security needs to be improved, to obtain the hash value of that code segment. The obtained hash value is then preset into a measurement module with a higher security level.
For example, the hash value of the code segment of the key module requiring security improvement may be preset into the metric module one security level higher, into the metric module two security levels higher, or into a metric module more security levels higher.
The process of presetting the hash value can be carried out before delivery, and the preset hash value is obtained by calculating a code segment of a key module before delivery.
If the system is updated and upgraded in the using process of the electronic equipment, and the key module is updated and upgraded, the hash value of the code section of the key module to be updated can be preset when the system is updated and upgraded.
When the security verification is required, a computing module in the security environment where the key module to be verified is located computes a hash value of a code segment of the current key module, the hash value is sent to a measuring module for presetting the hash value of the code segment of the key module, and the measuring module compares the preset hash value with the latest received hash value to determine whether the code segment of the key module is tampered.
Critical modules are typically modules whose operation depends on services provided by the security environment with the higher security level. Therefore, when the measurement module with the high security level compares the preset hash value with the latest hash value and the verification result is verification success, this indicates that the key module in the security environment with the low security level has not been tampered with, and the security environment with the high security level can continue to provide services to the key module in the security environment with the low security level. If the verification result is verification failure, the key module in the low-security-level security environment has been tampered with, and in order to prevent the tampered key module from leaking data during operation, the high-security-level security environment stops providing services to the key module in the low-security-level security environment. After service to the critical module in the low-security-level security environment is stopped, the critical module can no longer operate, which improves the security of the data processed by the critical module.
Based on the above understanding, the data protection method provided in the embodiments of the present application will be described through specific embodiments.
If the security of the key module in the TEE execution environment is improved through the security chip, the following pre-work needs to be performed:
Before leaving the factory, the hash value of the code segment of the key module in the TEE execution environment is calculated, and the hash value is preset in the security chip measurement module. Correspondingly, when the electronic device system is updated and the key module is updated, the hash value of the code segment of the key module in the updated TEE execution environment is placed in the update package. During the upgrade process, the hash value is preset into the security chip metric module.
If the security of the key module of the operating system is improved through the TEE execution environment in the embodiment of the application, the following pre-work needs to be performed:
Before leaving the factory, the hash value of the code segment of the key module in the operating system is calculated, and the hash value is preset in the TEE measurement module. Correspondingly, when the electronic device system is updated and the key module is updated, the hash value of the code segment of the key module in the updated operating system is placed in the upgrade package. During the upgrade, the hash value is preset into the TEE metric module.
If the security of the key module of the common service is improved through the operating system in the embodiment of the application, the following pre-working needs to be performed:
Before leaving the factory, the hash value of the code segment of the key module in the common business is calculated, and the hash value is preset in the system measurement module. Correspondingly, when the electronic device system is updated and the key module is updated, the hash value of the code segment of the key module in the updated common service is placed in the update package. During the upgrade process, the hash value is preset into the system metric module.
After describing the pre-working of the data protection method provided by the embodiment of the application, how to verify the hash value based on the data protection method provided by the embodiment of the application so as to improve the security of the data of the electronic device is described.
According to the embodiment of the application, the data security verification (the hash value verification of the code segment of the key module) can be performed when the electronic equipment is started, and the data security verification (the hash value verification of the code segment of the key module) can also be performed in a preset time period in the starting state of the electronic equipment. The data security verification can be carried out when the electronic equipment is started, and meanwhile, the data security verification is carried out in a preset time period after the electronic equipment is started. Data security verification may also be performed by user triggers (e.g., by controls provided on the interface).
Taking the electronic device start-up as an example, if the security of the key module in the TEE execution environment is improved by the security chip in the embodiment of the present application, the verification process shown in fig. 4 is executed when the electronic device starts up:
in step 101, a computing module in the TEE execution environment calculates a hash value of a code segment of a key module in the TEE execution environment.
In step 102, the computing module in the TEE execution environment sends the hash value to the secure chip metric module.
And step 103, the security chip measurement module determines whether the received hash value is consistent with a preset hash value of the code segment of the key module, and a verification result (verification success or verification failure) is obtained.
Step 104, in case of verification failure, the security chip stops providing services to the key modules in the TEE execution environment.
After the secure chip stops providing services to critical modules in the TEE execution environment, the critical modules in the TEE execution environment are not available (cannot function properly).
As another example, if the verification result is verification success (the comparison is consistent), the secure chip continues to provide services to the critical modules in the TEE execution environment. In a specific implementation, if the operation of other modules in the TEE execution environment does not depend on the key module, those other modules remain available (operate normally) even when the key module in the TEE execution environment is not available. If the operation of other modules in the TEE execution environment depends on the key module, those other modules are not available (cannot operate normally) when the key module in the TEE execution environment is not available. Of course, in practical applications, modules whose operation depends on the key module and modules whose operation does not depend on the key module may exist in the TEE execution environment at the same time. In addition, the critical module may be one module or multiple modules in the TEE execution environment.
If the security of the key module of the operating system is improved by the TEE execution environment in the embodiment of the present application, the verification process shown in fig. 5 is executed when the electronic device is started up:
in step 201, a computing module in the operating system computes a hash value of a code segment of a critical module in the operating system.
In step 202, a computing module in the operating system sends the hash value to the TEE metric module.
In step 203, the TEE measurement module determines whether the received hash value is consistent with the preset hash value of the code segment of the key module, and obtains a verification result.
In step 204, in the event of verification failure, the TEE execution environment stops providing services to critical modules in the operating system.
After the TEE execution environment stops providing services to critical modules in the operating system, the critical modules in the operating system are not available (cannot function properly).
As another example, if the verification result is verification success (the comparison is consistent), the TEE execution environment continues to provide services to the critical modules in the operating system.
In a specific implementation, if the operation of other modules in the operating system does not depend on the key module, the other modules in the operating system are available (normal operation) if the key module in the operating system is not available. If the operation of other modules in the operating system depends on the key module, the other modules in the operating system are not available (cannot operate normally) if the key module in the operating system is not available. Of course, in practical application, other modules whose running process depends on the key module and other modules whose running process does not depend on the key module may exist in the operating system at the same time. In addition, the critical module may be one or more modules in the operating system.
If the security of the key module of the common service is improved through the operating system in the embodiment of the present application, the verification process shown in fig. 6 is executed when the electronic device is started up:
in step 301, a computing module in the normal service computes a hash value of a code segment of a key module in the normal service.
In step 302, the computing module in the normal service sends the hash value to the system metric module.
In step 303, the system metric module determines whether the received hash value is consistent with a preset hash value of the code segment of the key module, so as to obtain a verification result (verification success or verification failure).
Step 304, in case of verification failure, the operating system stops providing services to the key modules in the normal business.
After the operating system stops providing services to the critical modules in the normal service, the critical modules in the normal service are not available (cannot operate properly).
As another example, if the verification result is verification success (the comparison is consistent), the operating system continues to provide services to the critical modules in the normal business. In a specific implementation, if the operation of other modules in the common service does not depend on the key module, those other modules remain available even when the key module in the common service is not available. If the operation of other modules in the common service depends on the key module, those other modules are not available when the key module in the common service is not available. Of course, in practical applications, modules whose operation depends on the key module and modules whose operation does not depend on the key module may exist in the common business at the same time. In addition, the key module may be one module or a plurality of modules in the normal service.
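The layered measurement described above (general procedure in the paragraphs on presetting and comparing hash values, and the three boot-time flows of steps 101-104, 201-204 and 301-304) can be modelled as follows. This is an added illustration, not code from the patent or from the assignee; the hash algorithm (SHA-256), the module names, the code segments and the rule that service resumes after a later successful verification are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Set


def code_segment_hash(code_segment: bytes) -> str:
    # The page does not name the hash algorithm; SHA-256 is an assumption.
    return hashlib.sha256(code_segment).hexdigest()


@dataclass
class MetricModule:
    """Measurement module of a higher-level environment: holds the preset
    hashes of the key modules of the environment one level below it."""
    preset: Dict[str, str] = field(default_factory=dict)

    def preset_hash(self, module: str, code_segment: bytes) -> None:
        """Pre-work: before delivery, or from the upgrade package."""
        self.preset[module] = code_segment_hash(code_segment)

    def verify(self, module: str, received_hash: str) -> bool:
        # success only if a preset exists and equals the received hash
        return self.preset.get(module) == received_hash


@dataclass
class SecurityEnvironment:
    name: str
    level: int                                     # 0 = lowest level
    key_modules: Dict[str, bytes] = field(default_factory=dict)
    # other module -> key modules its operation depends on
    dependencies: Dict[str, Set[str]] = field(default_factory=dict)
    metric: MetricModule = field(default_factory=MetricModule)
    # key modules the next-higher environment has stopped serving
    unserviced: Set[str] = field(default_factory=set)

    def compute_hash(self, module: str) -> str:
        """Computing module: hashes the *current* code segment."""
        return code_segment_hash(self.key_modules[module])


class Device:
    def __init__(self, environments):
        # ordered low -> high: normal business, OS, TEE, security chip
        self.envs = sorted(environments, key=lambda e: e.level)

    def preset_all(self) -> None:
        """Pre-work: each key module's hash is preset into the metric
        module one security level higher (the page's first placement)."""
        for lower, higher in zip(self.envs, self.envs[1:]):
            for module, code in lower.key_modules.items():
                higher.metric.preset_hash(module, code)

    def verify(self, lower_name: str) -> Dict[str, bool]:
        """Steps x01-x04: the lower environment computes and sends the hash,
        the higher metric module compares it with the preset value, and on
        failure the higher environment stops serving that key module."""
        idx = [e.name for e in self.envs].index(lower_name)
        lower, higher = self.envs[idx], self.envs[idx + 1]
        results = {}
        for module in lower.key_modules:
            ok = higher.metric.verify(module, lower.compute_hash(module))
            results[module] = ok
            if ok:
                lower.unserviced.discard(module)   # assumption: service resumes
            else:
                lower.unserviced.add(module)       # service stops
        return results

    def available(self, env_name: str, module: str) -> bool:
        """An unserviced key module is unavailable; another module is
        unavailable only if it depends on an unavailable key module."""
        env = next(e for e in self.envs if e.name == env_name)
        if module in env.key_modules:
            return module not in env.unserviced
        return env.unserviced.isdisjoint(env.dependencies.get(module, set()))


def demo() -> Dict[str, bool]:
    """Constructed scenario: the TEE main task code segment is tampered
    after its hash was preset into the security chip's metric module."""
    dev = Device([
        SecurityEnvironment("normal_business", 0, {"tee_client_lib": b"client-v1"}),
        SecurityEnvironment("operating_system", 1, {"daemon": b"daemon-v1"}),
        SecurityEnvironment("tee", 2, {"main_task": b"main-task-v1"},
                            {"payment_ta": {"main_task"}, "eid_ta": set()}),
        SecurityEnvironment("security_chip", 3),
    ])
    dev.preset_all()
    before = dev.verify("tee")["main_task"]                         # True
    dev.envs[2].key_modules["main_task"] = b"main-task-v1-TAMPERED"  # constructed
    after = dev.verify("tee")["main_task"]                          # False
    return {"before": before, "after": after,
            "main_task": dev.available("tee", "main_task"),        # False
            "payment_ta": dev.available("tee", "payment_ta"),      # False: depends
            "eid_ta": dev.available("tee", "eid_ta"),              # True: independent
            "os_daemon": dev.verify("operating_system")["daemon"]}  # True
```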
The embodiment of the application can record the hash value verification executed in the starting-up stage of the electronic equipment as static verification, and is shown in fig. 7.
As described above, the verification of the data security may also be performed in a preset time period after the electronic device is turned on. For example, after the electronic device is turned on, the verification process of the hash value of the key module performed when the electronic device is turned on in the above embodiment is performed for a preset period of time, and this process is denoted as dynamic verification, and is shown in fig. 7.
In addition, after the electronic device is started, a watchdog (timer) may be further added to improve the security of the security environment with the higher security level in the above embodiment, so as to ensure that the security environment with the higher security level for providing verification work and services for key modules in the security environment with the lower security level is secure.
For example, after the electronic device is started, a program in the high-security-level security environment in the above embodiment (which may be a monitoring task in the high-security-level security environment) is triggered for performing the feeding operation for a preset period of time, and whether the feeding operation is performed is also used as a data security verification condition.
The monitoring task may monitor the operation of one or more tasks (monitored tasks) in the high-security-level security environment. The monitoring task has a higher priority than the monitored tasks. When the monitored tasks operate normally, the monitoring task performs the watchdog feeding operation (clearing the timer to zero). If the monitoring task detects that any monitored task has failed, the feeding operation is not performed, that is, the watchdog timer is not cleared. If the watchdog timer is not reset (cleared) within a certain time range, the watchdog timer overflows.
In the embodiment of the present application, the feeding operation and the hash value verification of the code segment of the key module may both be performed at a preset time period, and they may be two independent tasks executed in the same time period.
If, within a time period, the hash value of the key module's code segment is verified successfully and the feeding operation succeeds (the timer is cleared), the key module in the lower-security-level environment and the higher-security-level environment both remain available, and the next time period is entered. If the hash value verification fails within the time period, the key module in the lower-security-level environment becomes unavailable (the higher-security-level environment no longer provides service to it). If the feed fails within the time period (no feeding operation was performed, or the feeding operation did not successfully clear the timer), the higher-security-level environment becomes unavailable, and the key module in the lower-security-level environment is consequently unavailable as well.
Of course, in practical application, if the feeding operation and the hash value verification are two independent tasks, their time periods may also differ.
In practical application, the feeding operation and the hash value verification may also be tasks with a sequential (before/after) relationship.
As an example, in each time period the steps shown in fig. 8 are performed:
Step 401: hash value verification of the key module in the lower-security-level environment.
Step 402: determine whether the hash value verification succeeded.
If the hash value verification fails, result 1 is obtained: the key module in the lower-security-level environment is unavailable.
Step 403: if the hash value verification succeeds, the monitoring task in the higher-security-level environment is triggered to perform the feeding operation according to the running state of the monitored tasks in that environment.
It should be noted that even when the hash value verification in step 402 fails, the monitoring task in the higher-security-level environment still performs the feeding operation according to the running state of the monitored tasks; the verification result does not gate the feed.
If a monitored task in the higher-security-level environment has failed, result 2 is obtained: the monitoring task no longer performs the feeding operation, so the feed naturally fails (no feeding is performed) and the higher-security-level environment becomes unavailable. Consequently, the key module in the lower-security-level environment is unavailable as well.
If the monitored tasks in the higher-security-level environment are operating normally, result 3 is obtained: the monitoring task performs the feeding operation and clears the watchdog timer, the feed succeeds, and the higher-security-level environment remains available; whether it continues to provide service to the key module in the lower-security-level environment depends on the hash value verification result of step 402.
As an example, when the security of the key module in the TEE execution environment is enhanced by the security chip according to the embodiment of the present application, the following verification process (two independent tasks executed simultaneously with the same time period) runs after the electronic device is powered on:
(1) The monitoring task in the security chip performs the feeding operation at the preset time period according to the running state of the monitored tasks in the security chip. If the watchdog timer in the security chip overflows (the feed fails), the security chip becomes unavailable and can no longer provide service to the key module in the TEE execution environment, which is consequently unavailable. This protects the security chip (and the service it provides) and therefore the hash value verification performed in it. Conversely, if the watchdog timer does not overflow (the feed succeeds), the security chip remains available and can continue to provide service to the key module in the TEE execution environment.
(2) The computing module in the TEE execution environment computes the hash value of the key module in the TEE execution environment at the preset time period and sends it to the security chip measurement module. If the measurement module fails to verify the received hash value, the security chip no longer provides service to the key module in the TEE execution environment and that module is unavailable. If the verification succeeds, the security chip continues to provide service and the key module remains available.
When the two independent tasks run in the same time period, combining their results gives one of the following outcomes in each period:
(1) Hash value verification of the key module in the TEE execution environment fails and the feed in the security chip fails: the security chip is unavailable, the key module in the TEE execution environment is unavailable, and whether other modules in the TEE execution environment remain available depends on whether their operation depends on the key module.
(2) Hash value verification succeeds and the feed fails: the security chip is unavailable, the key module in the TEE execution environment is unavailable, and whether other modules in the TEE execution environment remain available depends on whether their operation depends on the key module.
(3) Hash value verification fails and the feed succeeds: the security chip is available, the key module in the TEE execution environment is unavailable, and whether other modules in the TEE execution environment remain available depends on whether their operation depends on the key module.
(4) Hash value verification succeeds and the feed succeeds: the security chip is available and the key module in the TEE execution environment is available.
Of course, in practical application, the time period of the feeding operation in the security chip and the time period of the hash value verification of the key module in the TEE execution environment may also differ (two independent, simultaneously running tasks with different time periods).
As an example, after the electronic device is turned on, the security chip and the key module in the TEE execution environment are both available, and they remain available as long as the feeding operation performed at time period A keeps succeeding and the hash value verification of the key module performed at time period B keeps succeeding.
If a feed failure in the security chip occurs first, the security chip becomes unavailable and can no longer provide service to the key module in the TEE execution environment, which is therefore unavailable. Even if the computing module in the TEE execution environment still sends the hash value of the key module to the security chip measurement module, the security chip may fail to receive it; if it does receive it, it may be unable to perform the verification; and even if it performs the verification, it can no longer provide service to the key module.
If a hash value verification failure of the key module in the TEE execution environment occurs first, the security chip stops providing service to that key module and the module becomes unavailable. The feeding operation in the security chip, however, is not affected by the verification failure: the security chip continues to perform the feeding operation at time period A according to the running state of its monitored tasks.
As described above, the higher-security-level environment may also perform the hash value verification first and then the feeding operation within each time period (same time period, verification before feed):
The TEE execution environment sends the hash value of the code segment of its key module to the security chip measurement module at the preset time period.
After the security chip measurement module receives the hash value, it verifies it first. If the verification fails, the key module in the TEE execution environment is unavailable, and the security chip nevertheless continues with the feeding operation. If the verification succeeds, the security chip likewise continues with the feeding operation.
The monitoring task in the security chip then performs the feeding operation according to the running state of the monitored tasks. If the feed fails, the security chip is unavailable and so is the key module in the TEE execution environment. If the feed succeeds, the security chip is available, and whether it provides service to the key module in the TEE execution environment is determined by the hash value verification result.
As another example, when the embodiment of the present application enhances the security of the key module of the operating system through the TEE execution environment, the following verification process (two independent tasks) runs after the electronic device is powered on:
(1) The monitoring task in the TEE execution environment performs the feeding operation at the preset time period according to the running state of the monitored tasks in the TEE execution environment. If the watchdog timer in the TEE execution environment overflows (the feed fails), the TEE execution environment becomes unavailable and can no longer provide service to the key module in the operating system, which is consequently unavailable. This protects the TEE execution environment (and the service it provides) and therefore the hash value verification performed in it. Conversely, if the watchdog timer does not overflow (the feed succeeds), the TEE execution environment remains available and can continue to serve the key module in the operating system.
(2) The computing module in the operating system computes the hash value of the key module in the operating system at the preset time period and sends it to the TEE measurement module. If the TEE measurement module fails to verify the received hash value, the TEE execution environment no longer provides service to the key module in the operating system and that module is unavailable. If the verification succeeds, the TEE execution environment continues to provide service and the key module remains available.
When the two independent tasks run in the same time period, combining their results gives one of the following outcomes in each period:
(1) Hash value verification of the key module in the operating system fails and the feed in the TEE execution environment fails: the TEE execution environment is unavailable, the key module in the operating system is unavailable, and whether other modules in the operating system remain available depends on whether their operation depends on the key module.
(2) Hash value verification succeeds and the feed fails: the TEE execution environment is unavailable, the key module in the operating system is unavailable, and whether other modules in the operating system remain available depends on whether their operation depends on the key module.
(3) Hash value verification fails and the feed succeeds: the TEE execution environment is available, the key module in the operating system is unavailable, and whether other modules in the operating system remain available depends on whether their operation depends on the key module.
(4) Hash value verification succeeds and the feed succeeds: the TEE execution environment is available and the key module in the operating system is available.
Of course, in practical application, the time period of the feeding operation in the TEE execution environment and the time period of the hash value verification of the key module in the operating system may also differ.
As an example, after the electronic device is turned on, the TEE execution environment and the key modules in the operating system are both available, and they remain available as long as the feeding operation performed at time period C keeps succeeding and the hash value verification of the key modules in the operating system performed at time period D keeps succeeding.
If a feed failure in the TEE execution environment occurs first, the TEE execution environment becomes unavailable and can no longer provide service to the key modules in the operating system, which are therefore unavailable. Even if the computing module in the operating system still sends the hash value of the key module to the TEE measurement module, the TEE execution environment may fail to receive it; if it does receive it, it may be unable to perform the verification; and even if it performs the verification, it can no longer provide service to the key module in the operating system.
If a hash value verification failure of the key module in the operating system occurs first, the TEE execution environment stops providing service to that key module and the module becomes unavailable. The feeding operation in the TEE execution environment, however, is not affected by the verification failure: the TEE execution environment continues to perform the feeding operation at time period C according to the running state of its monitored tasks.
As described above, the higher-security-level environment may also perform the hash value verification first and then the feeding operation within each time period (same time period, verification before feed):
The operating system sends the hash value of the code segment of its key module to the TEE measurement module at the preset time period.
After the TEE measurement module receives the hash value, it verifies it first. If the verification fails, the key module in the operating system is unavailable, and the TEE execution environment nevertheless continues with the feeding operation. If the verification succeeds, the TEE execution environment likewise continues with the feeding operation.
The monitoring task in the TEE execution environment then performs the feeding operation according to the running state of the monitored tasks. If the feed fails, the TEE execution environment is unavailable and so are the key modules in the operating system. If the feed succeeds, the TEE execution environment is available, and whether it provides service to the key module in the operating system is determined by the hash value verification result.
As another example, when the embodiment of the present application enhances the security of the key module of the common service through the operating system, the following verification process (two independent tasks) runs after the electronic device is powered on:
(1) The monitoring task in the operating system performs the feeding operation at the preset time period according to the running state of the monitored tasks in the operating system. If the watchdog timer in the operating system overflows (the feed fails), the operating system becomes unavailable and can no longer provide service to the key module in the common service, which is consequently unavailable. This protects the operating system (and the service it provides) and therefore the hash value verification performed in it. Conversely, if the watchdog timer does not overflow (the feed succeeds), the operating system remains available and can continue to serve the key modules in the common service.
(2) The computing module in the common service computes the hash value of the key module in the common service at the preset time period and sends it to the system measurement module. If the system measurement module fails to verify the received hash value, the operating system no longer provides service to the key module in the common service and that module is unavailable. If the verification succeeds, the operating system continues to provide service and the key module remains available.
When the two independent tasks run in the same time period, combining their results gives one of the following outcomes in each period:
(1) Hash value verification of the key module in the common service fails and the feed in the operating system fails: the operating system is unavailable, the key module in the common service is unavailable, and whether other modules in the common service remain available depends on whether their operation depends on the key module.
(2) Hash value verification succeeds and the feed fails: the operating system is unavailable, the key module in the common service is unavailable, and whether other modules in the common service remain available depends on whether their operation depends on the key module.
(3) Hash value verification fails and the feed succeeds: the operating system is available, the key module in the common service is unavailable, and whether other modules in the common service remain available depends on whether their operation depends on the key module.
(4) Hash value verification succeeds and the feed succeeds: the operating system is available and the key module in the common service is available.
Of course, in practical application, the time period of the feeding operation in the operating system and the time period of the hash value verification of the key module in the common service may also differ.
As an example, after the electronic device is turned on, the operating system and the key modules in the common service are both available, and they remain available as long as the feeding operation performed at time period E keeps succeeding and the hash value verification of the key modules in the common service performed at time period F keeps succeeding.
If a feed failure in the operating system occurs first, the operating system becomes unavailable and can no longer provide service to the key module in the common service, which is therefore unavailable. Even if the computing module in the common service still sends the hash value of the key module to the operating system, the operating system may fail to receive it; if it does receive it, it may be unable to perform the verification; and even if it performs the verification, it can no longer provide service to the key module in the common service.
If a hash value verification failure of the key module in the common service occurs first, the operating system stops providing service to that key module and the module becomes unavailable. The feeding operation in the operating system, however, is not affected by the verification failure: the operating system continues to perform the feeding operation at time period E according to the running state of its monitored tasks.
As described above, the higher-security-level environment may also perform the hash value verification first and then the feeding operation within each time period (same time period, verification before feed):
The common service sends the hash value of the code segment of its key module to the operating system at the preset time period.
After the system measurement module receives the hash value, it verifies it first. If the verification fails, the key module in the common service is unavailable, and the operating system nevertheless continues with the feeding operation. If the verification succeeds, the operating system likewise continues with the feeding operation.
The monitoring task in the operating system then performs the feeding operation according to the running state of the monitored tasks. If the feed fails, the operating system is unavailable and so are the key modules in the common service. If the feed succeeds, the operating system is available, and whether it provides service to the key module in the common service is determined by the hash value verification result.
In practical applications, the multi-level data protection processes may be performed simultaneously: the operating system enhances the security of the key modules of the common service, the TEE execution environment enhances the security of the key modules in the operating system, and the security chip enhances the security of the key modules in the TEE execution environment.
In addition, the TEE execution environment in the embodiment of the present application is only one example of a security environment whose security level lies between the operating system and the security chip; in practical application other security environments may be used, for example a Trusted Platform Module (TPM).
In this embodiment of the present application, the security environment whose security level lies between the operating system and the security chip may be denoted as the first security environment. For example, the first security environment may be a TEE execution environment or a TPM environment, and may of course be another security environment at a security level between the operating system and the security chip.
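The per-period decision described above is the same at every level: a higher-security environment combines the hash value verification of the guarded key module with its own watchdog feed, the four outcomes follow from the two results, the feed is never gated by the verification result, and an overflowed watchdog leaves the environment permanently unavailable. The following Python is an added example written for this page, not code from the patent or from Honor. The environment names, the constructed code-segment bytes and the monitored-task states are assumptions; the windowed watchdog (must be cleared at least once per period, overflow latched) is one possible realisation of the "not cleared within a certain time range" behaviour the text describes, and SHA-256 is an assumed choice of hash, since the page does not name one.

```python
"""Model of the periodic two-check guard: a higher-security environment keeps
serving the key module of the next-lower environment only while (a) the key
module's code-segment hash still matches the preset reference and (b) the
environment's own monitoring task keeps clearing its watchdog.
Added example; names, code bytes and task states are constructed."""
import hashlib
import hmac


def code_segment_hash(code: bytes) -> str:
    """What the lower environment's computing module sends up each period."""
    return hashlib.sha256(code).hexdigest()


class WatchdogTimer:
    """Window watchdog: it must be cleared ("fed") at least once per period.
    Overflow is latched: once the environment is lost, it stays unavailable."""

    def __init__(self):
        self.cleared = False
        self.overflowed = False

    def feed(self):
        self.cleared = True          # zero-clearing the counter

    def end_period(self):
        if not self.cleared:
            self.overflowed = True   # not cleared within the window
        self.cleared = False         # re-arm for the next period


class MonitoringTask:
    """Runs at higher priority than the tasks it monitors and feeds the watchdog
    only when every monitored task is healthy; otherwise it deliberately does not."""

    def __init__(self, watchdog: WatchdogTimer):
        self.watchdog = watchdog

    def run(self, monitored_status: dict) -> bool:
        if all(monitored_status.values()):
            self.watchdog.feed()
            return True
        return False


class MeasurementModule:
    """Holds the preset reference hash of the guarded key module's code segment."""

    def __init__(self, reference_code: bytes):
        self.reference_hash = code_segment_hash(reference_code)

    def verify(self, reported_hash: str) -> bool:
        return hmac.compare_digest(self.reference_hash, reported_hash)


class GuardLevel:
    """One protection level: `env` (e.g. the security chip) guards `key_module`
    (e.g. the key module in the TEE execution environment)."""

    def __init__(self, env: str, key_module: str, reference_code: bytes):
        self.env, self.key_module = env, key_module
        self.watchdog = WatchdogTimer()
        self.monitor = MonitoringTask(self.watchdog)
        self.measurer = MeasurementModule(reference_code)

    def run_period(self, current_code: bytes, monitored_status: dict) -> dict:
        # Verification first, then the feed; the feed ignores the verification result.
        hash_ok = self.measurer.verify(code_segment_hash(current_code))
        fed = self.monitor.run(monitored_status)
        self.watchdog.end_period()
        env_available = not self.watchdog.overflowed
        return {
            "env": self.env,
            "key_module": self.key_module,
            "hash_ok": hash_ok,
            "fed": fed,
            "env_available": env_available,
            # Served only while the guardian is alive AND the code segment verified.
            "key_module_available": env_available and hash_ok,
        }


# Constructed stand-ins for the three guarded code segments.
TEE_KEY_CODE = b"tee-key-module-code-v1"
OS_KEY_CODE = b"os-key-module-code-v1"
SERVICE_KEY_CODE = b"service-key-module-code-v1"


def build_chain() -> list:
    """The three levels the text describes, run simultaneously."""
    return [
        GuardLevel("security chip", "TEE key module", TEE_KEY_CODE),
        GuardLevel("TEE execution environment", "operating system key module", OS_KEY_CODE),
        GuardLevel("operating system", "common service key module", SERVICE_KEY_CODE),
    ]


def run_chain_period(chain: list, current_codes: list, statuses: list) -> list:
    """One time period at every level; returns one outcome dict per level."""
    return [lvl.run_period(c, s) for lvl, c, s in zip(chain, current_codes, statuses)]


if __name__ == "__main__":
    chain = build_chain()
    codes = [TEE_KEY_CODE, OS_KEY_CODE, b"service-key-module-code-TAMPERED"]
    statuses = [{"task": True}, {"task": False}, {"task": True}]
    for outcome in run_chain_period(chain, codes, statuses):
        print(outcome)
```

Running the module exercises three of the four outcomes in one period: the security chip level passes both checks, the TEE level fails its feed (monitored task unhealthy) and so loses the environment even though the hash matched, and the operating system level keeps its environment but withdraws service from the tampered common-service module. Calling `run_period` again on a level whose watchdog has overflowed shows the latching: a later good hash and a successful feed do not bring the environment back.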
For ease of distinction, in the present application the security chip measurement module in the security chip may be denoted as the first measurement module, the key module in the first security environment as the first module, the calculation module in the first security environment as the first calculation module, the verification result obtained when the security chip verifies the hash value of the key module in the first security environment as the first verification result, the time period at which the security chip performs that hash value verification as the first time period, the monitoring task in the security chip as the first monitoring task, the feeding operation performed by the first monitoring task as the first feeding operation, and the execution period of the first feeding operation in the security chip as the second time period.
The measurement module in the first security environment may be denoted as the second measurement module, the key module in the operating system as the second module, the calculation module in the operating system as the second calculation module, the verification result obtained when the first security environment verifies the hash value of the key module in the operating system as the second verification result, the time period at which the first security environment performs that hash value verification as the third time period, the monitoring task in the first security environment as the second monitoring task, the feeding operation performed by the second monitoring task as the second feeding operation, and the execution period of the second feeding operation in the first security environment as the fourth time period.
The measurement module in the operating system may be denoted as the third measurement module, the key module in the common service as the third module, the calculation module in the common service as the third calculation module, the verification result obtained when the operating system verifies the hash value of the key module in the common service as the third verification result, the time period at which the operating system performs that hash value verification as the fifth time period, the monitoring task in the operating system as the third monitoring task, the feeding operation performed by the third monitoring task as the third feeding operation, and the execution period of the third feeding operation in the operating system as the sixth time period.
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and does not limit the implementation of the embodiments of the present application in any way.
The embodiments of the present application also provide a computer readable storage medium storing a computer program, where the computer program can implement the steps in the above-mentioned method embodiments when executed by a processor.
The present application also provides a computer program product enabling a first device to carry out the steps of the method embodiments described above when the computer program product is run on the first device.
If the integrated units are implemented in the form of software functional units and sold or used as stand-alone products, they may be stored in a computer readable storage medium. On this understanding, the present application may implement all or part of the flow of the methods of the above embodiments by means of a computer program that instructs the related hardware; the computer program may be stored in a computer readable storage medium and, when executed by a processor, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer readable medium may include at least: any entity or device capable of carrying computer program code to the first device, a recording medium, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, and a software distribution medium, for example a USB flash drive, a removable hard disk, a magnetic disk or an optical disk. In some jurisdictions, in accordance with legislation and patent practice, computer readable media may not include electrical carrier signals and telecommunication signals.
The embodiments of the present application also provide a chip system, where the chip system includes a processor, the processor is coupled to a memory, and the processor executes a computer program stored in the memory to implement the steps of any of the method embodiments of the present application. The chip system can be a single chip or a chip module composed of a plurality of chips.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts that are not described or illustrated in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (20)

1. A data protection method, applied to an electronic device, the electronic device including a processor running a first secure environment, and a security chip in which a first measurement module is disposed, a first computing module being disposed in the first secure environment, the method comprising:
the first computing module computes a hash value of a first module in the first secure environment, wherein the operation of the first module depends on services provided by the security chip;
the first computing module sends the hash value of the first module to the first measurement module;
the first measurement module verifies the hash value of the first module based on preset verification information of the first module to obtain a first verification result;
and if the first verification result is verification failure, the security chip stops providing service to the first module.
2. The method of claim 1, wherein the first computing module computing a hash value of a first module in the first secure environment comprises:
when the electronic device is started, the first computing module computes the hash value of the first module in the first secure environment.
3. The method of claim 1 or 2, wherein the first computing module computing a hash value of a first module in the first secure environment comprises:
after the electronic device is started, the first computing module computes the hash value of the first module in the first secure environment within a first time period.
4. The method of claim 3, wherein a first monitoring task is further disposed in the security chip, the method further comprising:
after the electronic device is started, the first monitoring task performs a first watchdog feeding operation within a second time period according to the running state of the security chip;
if the first watchdog feeding operation fails, the security chip is unavailable, wherein the security chip no longer provides service to the first module when the security chip is unavailable.
5. The method of claim 3, wherein a first monitoring task is further disposed in the security chip, the method further comprising, after obtaining the first verification result:
if the first verification result is verification success, the first monitoring task performs a first watchdog feeding operation based on the running state of the security chip;
if the first watchdog feeding operation fails, the security chip is unavailable, wherein the security chip no longer provides service to the first module when the security chip is unavailable;
and if the first watchdog feeding operation succeeds, the security chip is available, wherein the security chip provides service to the first module when the security chip is available.
6. The method of claim 5, wherein the security chip stopping providing service to the first module if the first verification result is verification failure comprises:
if the first verification result is verification failure, the first monitoring task no longer performs the first watchdog feeding operation, wherein if the first monitoring task no longer performs the first watchdog feeding operation, the first watchdog feeding operation fails.
7. The method of claim 1, wherein an operating system further runs on the processor, a second computing module is disposed in the operating system, a second measurement module is disposed in the first secure environment, and the method further comprises:
the second computing module computes a hash value of a second module in the operating system, wherein the operation of the second module depends on services provided by the first secure environment;
the second computing module sends the hash value of the second module to the second measurement module;
the second measurement module verifies the hash value of the second module based on preset verification information of the second module to obtain a second verification result;
and if the second verification result is verification failure, the first secure environment stops providing service to the second module.
8. The method of claim 7, wherein the second computing module computing a hash value of a second module in the operating system comprises:
when the electronic device is started, the second computing module computes the hash value of the second module in the operating system.
9. The method of claim 7 or 8, wherein the second computing module computing a hash value of a second module in the operating system comprises:
after the electronic device is started, the second computing module computes the hash value of the second module in the operating system within a third time period.
10. The method of claim 9, wherein a second monitoring task is further disposed in the first secure environment, the method further comprising:
after the electronic device is started, the second monitoring task performs a second watchdog feeding operation within a fourth time period based on the running state of the first secure environment;
if the second watchdog feeding operation fails, the first secure environment is unavailable, wherein the first secure environment no longer provides service to the second module when the first secure environment is unavailable.
11. The method of claim 9, wherein a second monitoring task is further disposed in the first secure environment, and wherein after obtaining the second verification result the method further comprises:
if the second verification result is verification success, the second monitoring task performs a second watchdog feeding operation based on the running state of the first secure environment;
if the second watchdog feeding operation fails, the first secure environment is unavailable, wherein the first secure environment no longer provides service to the second module when the first secure environment is unavailable;
and if the second watchdog feeding operation succeeds, the first secure environment is available, wherein the security chip provides service to the first module when the first secure environment is available.
12. The method of claim 11, wherein the first secure environment stopping providing service to the second module if the second verification result is verification failure comprises:
if the second verification result is verification failure, the second monitoring task no longer performs the second watchdog feeding operation, wherein if the second monitoring task no longer performs the second watchdog feeding operation, the second watchdog feeding operation fails.
13. The method of claim 7, wherein a third computing module is disposed in a normal service of the electronic device, the normal service being a service having a security level lower than that of the operating system, a third measurement module is disposed in the operating system, and the method further comprises:
the third computing module computes a hash value of a third module in the normal service, wherein the operation of the third module depends on services provided by the operating system;
the third computing module sends the hash value of the third module to the third measurement module;
the third measurement module verifies the hash value of the third module based on preset verification information of the third module to obtain a third verification result;
and if the third verification result is verification failure, the operating system stops providing service to the third module.
14. The method of claim 13, wherein the third computing module computing a hash value of a third module in the normal service comprises:
when the electronic device is started, the third computing module computes the hash value of the third module in the normal service.
15. The method of claim 13 or 14, wherein the third computing module computing a hash value of a third module in the normal service comprises:
after the electronic device is started, the third computing module computes the hash value of the third module in the normal service within a fifth time period.
16. The method of claim 15, wherein a third monitoring task is further disposed in the operating system, the method further comprising:
after the electronic device is started, the third monitoring task performs a third watchdog feeding operation within a sixth time period according to the running state of the operating system;
and if the third watchdog feeding operation fails, the operating system is unavailable, wherein the operating system no longer provides service to the third module when the operating system is unavailable.
17. The method of claim 15, wherein a third monitoring task is further disposed in the operating system, and wherein after obtaining the third verification result the method further comprises:
if the third verification result is verification success, the third monitoring task performs a third watchdog feeding operation based on the running state of the operating system;
if the third watchdog feeding operation fails, the operating system is unavailable, wherein the operating system no longer provides service to the third module when the operating system is unavailable;
and if the third watchdog feeding operation succeeds, the operating system is available, wherein the operating system provides service to the third module when the operating system is available.
18. The method of claim 17, wherein the operating system stopping providing service to the third module if the third verification result is verification failure comprises:
if the third verification result is verification failure, the third monitoring task no longer performs the third watchdog feeding operation, wherein if the third monitoring task no longer performs the third watchdog feeding operation, the third watchdog feeding operation fails.
19. An electronic device comprising a processor and a security chip for running a computer program stored in a memory to cause the electronic device to implement the method of any one of claims 1 to 18.
20. A chip system comprising a processor and a security chip, the processor being coupled to a memory, the processor executing a computer program stored in the memory to implement the method of any one of claims 1 to 18.
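The layered measurement-and-watchdog scheme of claims 1 to 18, as an added Python model that is not part of the patent: each provider (security chip, first secure environment, operating system) holds preset verification information for the module that depends on it, the dependent layer's computing module hashes its module image and sends the hash, and on a mismatch the provider's monitoring task stops feeding its watchdog so that the feed fails and the provider stops serving. The module images, SHA-256 as the hash function, the two-period watchdog timeout and all names are constructed assumptions.

```python
import hashlib


class Watchdog:
    """Counts down each monitoring period; once it is not fed for `timeout` periods it stays expired."""
    def __init__(self, timeout: int):
        self.timeout = self.remaining = timeout
        self.expired = False
    def feed(self) -> bool:
        if self.expired:
            return False                     # a failed feed: the provider is now unavailable
        self.remaining = self.timeout
        return True
    def tick(self) -> None:
        if not self.expired:
            self.remaining -= 1
            self.expired = self.remaining <= 0


class Provider:
    """Security chip, secure environment or OS: hosts a measurement module and a monitoring task."""
    def __init__(self, name: str, preset: dict[str, str], timeout: int = 2):
        self.name = name
        self.preset = preset                 # preset verification info: module -> expected SHA-256
        self.watchdog = Watchdog(timeout)
        self.feeding = True                  # monitoring task keeps feeding while verification holds
        self.results: dict[str, bool] = {}
    def verify(self, module: str, hash_hex: str) -> bool:
        ok = self.preset.get(module) == hash_hex
        self.results[module] = ok
        if not ok:
            self.feeding = False             # claims 6/12/18: stop feeding, so the next feed fails
        return ok
    def monitor_period(self) -> bool:
        fed = self.feeding and self.watchdog.feed()
        self.watchdog.tick()
        return fed
    def available(self) -> bool:
        return not self.watchdog.expired
    def serves(self, module: str) -> bool:
        return self.available() and self.results.get(module, False)


def measure(image: bytes) -> str:
    """The dependent layer's computing module: hash of the module image (assumed SHA-256)."""
    return hashlib.sha256(image).hexdigest()


# Constructed sample images and the dependency chain of the claims: first module (in the secure
# environment) -> security chip; second (in the OS) -> secure environment; third (normal service) -> OS
IMAGES = {"first": b"first-module-v1", "second": b"second-module-v1", "third": b"third-module-v1"}
CHAIN = [("security_chip", "first"), ("secure_env", "second"), ("os", "third")]


def boot(tampered: frozenset[str] = frozenset(), periods: int = 3) -> dict[str, bool]:
    """Boot-time measurement; returns whether each provider still serves its dependent module."""
    providers = {p: Provider(p, {m: measure(IMAGES[m])}) for p, m in CHAIN}
    for p, m in CHAIN:
        image = IMAGES[m] + b"\xff" if m in tampered else IMAGES[m]   # tampering = one extra byte
        providers[p].verify(m, measure(image))
    for _ in range(periods):                 # the monitoring tasks run for a few periods
        for prov in providers.values():
            prov.monitor_period()
    return {p: providers[p].serves(m) for p, m in CHAIN}
```

With an untampered boot every provider keeps serving; tampering with one module image makes only the provider it depends on withdraw service once its watchdog expires.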

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210734072.3A CN116049866A (en) 2022-06-27 2022-06-27 Data protection method, electronic equipment and chip system

Publications (1)

Publication Number Publication Date
CN116049866A true CN116049866A (en) 2023-05-02

Family

ID=86127849

Country Status (1)

Country Link
CN (1) CN116049866A (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530566A (en) * 2013-10-21 2014-01-22 中国科学院深圳先进技术研究院 System for detecting safety performance of safety chip under induced error attacks
CN103577748A (en) * 2013-11-20 2014-02-12 北京可信华泰信息技术有限公司 Dynamic measuring method based on dependable computing and management system
CN104268487A (en) * 2014-09-23 2015-01-07 杭州晟元芯片技术有限公司 Reset and self-destruction management system for security chip
CN104966022A (en) * 2015-06-12 2015-10-07 浪潮电子信息产业股份有限公司 Chain-of-trust construction method and device based on chip
CN106161028A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 Safety chip, communication terminal and the method improving communication security
CN107256012A (en) * 2017-05-02 2017-10-17 北京欧鹏巴赫新能源科技股份有限公司 Method for implementing multi-task monitoring using the watchdog feeding mechanism of the CIC61508
CN107392055A (en) * 2017-07-20 2017-11-24 深圳市金立通信设备有限公司 Dual-system security chip control method, terminal, computer-readable storage medium, and security-chip-based dual-system architecture
CN110297800A (en) * 2019-06-29 2019-10-01 飞天诚信科技股份有限公司 Method and system for implementing stable communication between a main control chip and a security chip
CN112329005A (en) * 2020-11-06 2021-02-05 中国电子信息产业集团有限公司 Boot measurement method, device, electronic equipment and medium for starting operating system
CN112434306A (en) * 2020-12-11 2021-03-02 中国科学院信息工程研究所 Credibility measuring method, device, system, electronic equipment and storage medium
CN112804234A (en) * 2021-01-15 2021-05-14 深圳供电局有限公司 Embedded intrusion-tolerant fault-tolerant device applied to power terminal and processing method
CN112906416A (en) * 2021-03-25 2021-06-04 紫光国芯微电子股份有限公司 Safe communication module and safe communication method
CN113190831A (en) * 2021-05-27 2021-07-30 中国人民解放军国防科技大学 TEE-based operating system application integrity measurement method and system
CN113468535A (en) * 2020-03-31 2021-10-01 华为技术有限公司 Credibility measuring method and related device
CN114116026A (en) * 2021-11-12 2022-03-01 四川大学 Cloud platform trust chain layered model construction method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination